Browse code
libclamav/pe.c: drop old header check (bb#4699)
Tomasz Kojm authored on 2012/04/11 00:38:39Showing 2 changed files
| ... | ... |
@@ -738,22 +738,6 @@ int cli_scanpe(cli_ctx *ctx) |
| 738 | 738 |
return CL_CLEAN; |
| 739 | 739 |
} |
| 740 | 740 |
pe_plus = 1; |
| 741 |
- } else {
|
|
| 742 |
- /* |
|
| 743 |
- either it's got a PE32_SIGNATURE or |
|
| 744 |
- we enable win9x compatibility in that we don't honor magic (see bb#119) |
|
| 745 |
- either way it's a 32bit thingy |
|
| 746 |
- */ |
|
| 747 |
- if(EC16(optional_hdr32.Magic) != PE32_SIGNATURE) {
|
|
| 748 |
- if(!ctx->corrupted_input) |
|
| 749 |
- cli_warnmsg("Incorrect magic number in optional header\n");
|
|
| 750 |
- if(DETECT_BROKEN_PE) {
|
|
| 751 |
- if(ctx->virname) |
|
| 752 |
- *ctx->virname = "Heuristics.Broken.Executable"; |
|
| 753 |
- return CL_VIRUS; |
|
| 754 |
- } |
|
| 755 |
- cli_dbgmsg("9x compatibility mode\n");
|
|
| 756 |
- } |
|
| 757 | 741 |
} |
| 758 | 742 |
|
| 759 | 743 |
if(!pe_plus) { /* PE */
|